Cryptology ePrint Archive: Report 2013/805

Abstract: Proofs of computational effort were devised to control denial of service attacks.
Dwork and Naor (CRYPTO '92), for example, proposed to use such proofs to discourage spam.
The idea is to couple each email message with a proof of work that demonstrates the sender performed some computational task.
A proof of work can be either CPU-bound or memory-bound. In a CPU-bound proof, the prover must
compute a CPU-intensive function that is easy to check by the verifier. A memory-bound proof, instead, forces the prover to access the main memory several times, effectively replacing
CPU cycles with memory accesses.

In this paper we put forward a new concept dubbed {\em proof of space}. To compute such a proof, the prover must use a specified amount of space, i.e., we are not interested in the number of accesses to the main memory (as in memory-bound proof of work) but rather on the amount of actual memory the prover must employ to compute the proof.
We give a complete and detailed algorithmic description of our model. We develop a full theoretical analysis which uses combinatorial tools from Complexity Theory (like pebbling games) which are essential in studying space lower bounds.

We remark that a similar concept
has recently been described by Dziembowski et al.
(Workshop held in Warsaw, 2013), however their proof-of-space paradigm
is more in line with memory-bound proof of work since the prover can trade off space with computation while our definition disallow this prospect.

Specifically, their technique generalizes the hash-based PoW of Cash [6] and does not employ the pebbling framework of [14]. They later posted on the Crypto Eprint repository (on November 28, 2013) a major overhaul version that does use pebbling and adopts techniques similar to ours [15]. We submitted our paper on October 17, 2013 to a major crypto conference.